How to issue a CSR with out SAN

krejon · May 4, 2016, 3:11pm

Hi,
because i’m using HPKP i created 2 Backup CSRs following this tutorial: https://scotthelme.co.uk/hpkp-http-public-key-pinning/
As the tutorial didn’t mention the subjectAltName filed and didn’t know much about certificate issuing at the time i did not set my domain name in the san field of the csr.
Now as my certificate is going to expire tomorrow i wanted to get a new certificate. For that i have to use my existing CSRs because their hash pin is known to the bowsers of my users.
I this: ./letsencrypt-auto certonly --csr my.domain.csr -d my.domain
and got: Unfortunately, your CSR needs to have a SubjectAltName for every domain. (That is also the only message in letsencrypt.log)
Is there any way i can get a certificate for my domain from my existing CSR files?

Any help is appreciated

jmorahan · May 4, 2016, 3:19pm

If you still have access to the private key, you should be able to use it to generate a new CSR with the same pin hash (because the hash is derived from the public key, not the full CSR).

krejon · May 4, 2016, 4:22pm

Thank you so much. This solved the problem

system · June 3, 2016, 4:22pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create a csr for ssl certificate Help	2	38	October 11, 2024
Getting a CSR from already existing certificates Help	19	1196	March 5, 2019
CSR for SAN cert Help	5	897	August 26, 2018
multidomain/SAN cert csr submitted, but only single-domain cert returned? Issuance Tech	4	2609	September 4, 2016
How to a certificate from personal private key and self-signed csr? Help	3	968	November 2, 2019

How to issue a CSR with out SAN

Related topics